Google hasn’t released information on all of the flaws patched in this update, but did say it paid nearly $40,000 in bug bounties, with an additional $14,500 in rewards issued for security bugs present on non-stable channels.

One of the most important vulnerabilities fixed was a same-origin bypass flaw in Blink and a same-origin bypass in Pepper Plugin.

There was also a bad cast in Extensions disclosed by an anonymous researcher.

There were also two use-after-free in Blink flaws.

Google said its internal testers were also responsible for a series of fixes in the new browser release. Among these, the company includes various fixes from internal audits, fuzzing and other initiatives and said multiple vulnerabilities in V8 ended up fixed at the tip of the 4.9 branch (currently 4.9.385.26).

Access to bug details and links end up restricted until the fixes reach a majority of users, with the restrictions remaining in place for bugs that exist in third party libraries that other projects depend on but haven’t yet fixed.